Cyber Security Trends for SMB in 2023
Posted on December 5, 2022
4 mins to read
Anton Guzhevskiy
Cyber Security Consultant at Klik Solutions
Cybersecurity is rapidly growing in the business world as one of the biggest areas needing attention. However, small and medium-sized businesses’ needs differ from those of large enterprises.
Here Anton Guzhevskiy, Security Consultant at Klik Solutions, discusses some of the top cyber security trends and challenges small and medium-sized businesses face as we enter the new year!
1. Small businesses are often overly confident about their cybersecurity, and many are ill-prepared to deal with this type of threat.
According to a recent CNBC report, many small and medium-sized businesses (SMBs) think they are too small and unimportant to hackers and cybercriminals. Therefore, the investment in solid protection against these threats is not up to speed! Larger corporations invest resources, both human and IT, to ensure their networks and data are fully protected and less likely to be impacted by cybercrimes.
Because resources are not as readily available and SMBs focus less intentionally on their own cyber security, they are ripe for malware, ransomware, and hackers. Their systems are often lacking the protection needed and therefore are the number one target. SMBs represent most data breaches occurring last year.
CNBC reports that only 28% of SMBs said they have a Cyber Response Plan in place in the event of a breach or attack. Almost half, 42%, said they have no plan, and 11% said they were unsure what the plan was. Only 26% carry cyber insurance.
Here are some 2022 statistics for SMBs.
- 61% of SMBs Experienced a Cyberattack During the Last Year (Source: Verizon.com)
- 25% of Small Business Owners That Experienced an Attack Lost Business (Source: Bull Guard). Among small businesses that fell victim to cybercriminals, 25% lost business because of the attack. Among the reasons for lost business are downtime leading to missed opportunities and customers becoming wary about using a company they view as less secure.
- 51% of Small Business Owners Pay the Money When Hit with Ransomware
- According to Smallbizrends.com, “the AppRiver Cyberthreat Index for Business Survey says 55% of small businesses will pay in the event of a ransomware attack. Willingness to pay increases to 74% for larger small businesses. In fact, 39% say they will pay almost any price.
2. Sophisticated threat actors targeting smaller businesses
Until recently, SMBs were only affected by opportunistic attackers, running phishing campaigns and distributing malware in mass. Now, we see threat actors being significantly more persistent and targeting companies they choose to compromise.
Attackers become more and more proficient in bypassing standard security tools such as firewalls, antivirus, email filtering, and even multi-factor authentication.
To counter these threats, SMBs need to have an end-to-end security program in place, implementing not only standard protective technologies but also mechanisms to proactive detect malicious activity. They must also be able to respond to any security incidents.
3. SMBs need more sophisticated, multi-dimensional protection mechanisms
For many years, cybersecurity vendors tried to make security as simple as possible for end users. Buy this agent, and you will be secure. Install this appliance, and you will be protected.
This approach does not work anymore. These days, even smaller businesses need more inclusive, multi-faceted solutions which will provide end-to-end security like larger enterprises. In 2023, SMBs need to look at their entire IT environment and implement multiple controls, like multi-factor authentication, security monitoring, vulnerability scanning, and attack surface management.
4. SMBs will continue to seek cost optimization and consolidation with their cyber security solutions
With increasingly complex threats comes an almost exponential growth of cybersecurity solutions and options to address them. Many of these require tedious amounts of work to adequately integrate, support, and manage. SMBs face a heavy burden with the need to secure everything from operating systems and mobile devices to physical and virtual servers and cloud workloads.
As such, security solutions must be adequately equipped with capabilities that will deliver effective holistic or unified management for all threat surfaces. This includes endpoints, networks, cloud services, email servers, and web gateways. Look for cost-effective solutions that cover all threat vectors to strengthen your security posture. Conducting routine proofs-of-concept should help to ensure that already limited security budgets are well spent.
5. Cyber security readiness services will be in high demand, as SMBs are seeking to proactively prepare to counter cyber threats
Increasingly, SMBs are turning to external services to enhance their cyber security posture and proactively prepare for potential attacks. Cybersecurity maturity assessments are a viable means to determine gaps or shortcomings in an organization’s level of protection. These assessments often include prescriptive guidance and actions for remediating them. Incident response (IR) preparedness is another service under significant demand which helps businesses plan for a security breach. The need to have a well-rehearsed IR plan is quickly becoming table stakes as government-mandated regulations are quickly taking aim at the enterprise level; this will inevitably cascade to SMBs.
